Marking the 10-Year Anniversary of the First XACML Interoperability Demo

It’s hard to believe, but it’s already been 10 years since I had the honor to host the first ever XACML interoperability demonstration at Burton Group’s Catalyst conference in June of 2007. We had a long tradition of hosting interoperability demonstrations, but they were typically associated with single sign-on and federation protocols, such as SAML, multi-federation protocols, a user-centric interoperability demonstration, and even SPML. However for this event, the focus was on access control and the Extensible Access Control Markup Language.

The “wayback” machine, fortunately, captured some posts about the event. For example, we put out a call to action in February that year to line up vendor participation:

Leading up to the event, I posted this 2 weeks before Catalyst:

OASIS has an excellent recap here: https://www.oasis-open.org/news/pr/eight-companies-demonstrate-interoperability-of-xacml-oasis-standard-at-catalyst-conference. Anil Saldanha (@anilsaldhana) also wrote up a short summary of the event and was wise enough to capture  Hal Lockhart interviewing the participants. You can find the blog post and a link to the podcast here: http://anil-identity.blogspot.com/2007/06/oasis-xacml-interoperability-event-at.html

XACML remains an important interoperability standard for Axiomatics, as we use it in a number of integrations with third party products. In version 3.0 of XACML, new profiles have been added recently that further enhance interoperability between different implementations of XACML. I am referring to the profiles for REST and JSON support, which are additive to the core specification.

Questions? Comments? Leave a comment below.

To learn more about XACML, please visit our Resources section.

Related Articles

The one with all the authorization vendors | Dynamically Speaking
Dynamically Speaking
Does it feel as though everyone’s suddenly talking about authorization? We think so too and asked Axiomatics President & CCO Jim Barkdoll his thoughts on...
The one about identity-first security | Dynamically Speaking
Dynamically Speaking
Few have their finger on the pulse of all things Identity and Access Management (IAM) like Jackson Shaw, Chief Strategy Officer for Clear Skye. In...
The Log4j vulnerability – What you need to know
Customer Alerts
As many of you know, on December 9, 2021 the Apache Log4j vulnerability (CVE-2021-4422) was discovered, affecting somewhere between 0 and 3 billion-plus devices currently...